cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-30938,https://securityvulnerability.io/vulnerability/CVE-2022-30938,Memory Corruption in EN100 Ethernet Modules by Siemens,"A vulnerability exists within Siemens' EN100 Ethernet modules that can be exploited through specifically crafted HTTP packets. When an attacker targets the /txtrace endpoint and manipulates a particular argument, it results in a memory corruption issue. This can cause the affected application to crash, leading to a denial of service condition, impacting the availability of the services relying on these modules.",Siemens,"En100 Ethernet Module Dnp3 Ip Variant,En100 Ethernet Module Iec 104 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",7.5,HIGH,0.0007800000021234155,false,,false,false,false,,false,false,2022-07-12T10:06:41.000Z,0
CVE-2022-30937,https://securityvulnerability.io/vulnerability/CVE-2022-30937,Memory Corruption Vulnerability in Siemens EN100 Ethernet Modules,"A memory corruption vulnerability exists in various Siemens EN100 Ethernet modules when processing specially crafted HTTP packets sent to the /txtrace endpoint. Successful exploitation of this vulnerability could lead to application crashes, resulting in a denial of service. All versions of affected modules, including those for DNP3, IEC 104, Modbus TCP, and PROFINET IO, are susceptible, with particular versions of the IEC 61850 module being especially at risk. Users are advised to implement mitigation strategies to protect their network infrastructures.",Siemens,"En100 Ethernet Module Dnp3 Ip Variant,En100 Ethernet Module Iec 104 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",7.5,HIGH,0.0007800000021234155,false,,false,false,false,,false,false,2022-06-14T09:21:54.000Z,0
CVE-2019-13942,https://securityvulnerability.io/vulnerability/CVE-2019-13942,,"A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Iec104 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",7.5,HIGH,0.0014900000533089042,false,,false,false,false,,false,false,2019-12-12T19:08:46.000Z,0
CVE-2019-13943,https://securityvulnerability.io/vulnerability/CVE-2019-13943,,"A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known.",Siemens Ag,"En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Iec104 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",6.1,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2019-12-12T19:08:46.000Z,0
CVE-2019-13944,https://securityvulnerability.io/vulnerability/CVE-2019-13944,,"A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Iec104 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",5.3,MEDIUM,0.0014299999456852674,false,,false,false,false,,false,false,2019-12-12T19:08:46.000Z,0
CVE-2018-16563,https://securityvulnerability.io/vulnerability/CVE-2018-16563,,"A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Firmware Variant Iec 61850 For En100 Ethernet Module,Firmware Variant Modbus Tcp For En100 Ethernet Module,Firmware Variant Dnp3 Tcp For En100 Ethernet Module,Firmware Variant Iec104 For En100 Ethernet Module,Firmware Variant Profinet Io For En100 Ethernet Module,Siprotec 5 Relays With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules,Siprotec 5 Relays With Cpu Variants Cp200 And The Respective Ethernet Communication Modules",5.9,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2019-03-21T14:57:36.000Z,0
CVE-2018-11451,https://securityvulnerability.io/vulnerability/CVE-2018-11451,,"A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Firmware Variant Iec 61850 For En100 Ethernet Module,Firmware Variant Profinet Io For En100 Ethernet Module,Firmware Variant Modbus Tcp For En100 Ethernet Module,Firmware Variant Dnp3 Tcp For En100 Ethernet Module,Firmware Variant Iec104 For En100 Ethernet Module,Siprotec 5 Relays With Cpu Variants Cp300 And Cp100 And The Respective Ethernet Communication Modules,Siprotec 5 Relays With Cpu Variants Cp200 And The Respective Ethernet Communication Modules",7.5,HIGH,0.002420000033453107,false,,false,false,false,,false,false,2018-07-23T21:00:00.000Z,0
CVE-2018-11452,https://securityvulnerability.io/vulnerability/CVE-2018-11452,,"A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Firmware Variant Iec 61850 For En100 Ethernet Module,Firmware Variant Profinet Io For En100 Ethernet Module,Firmware Variant Modbus Tcp For En100 Ethernet Module,Firmware Variant Dnp3 Tcp For En100 Ethernet Module,Firmware Variant Iec104 For En100 Ethernet Module",7.5,HIGH,0.002420000033453107,false,,false,false,false,,false,false,2018-07-23T21:00:00.000Z,0
CVE-2018-4839,https://securityvulnerability.io/vulnerability/CVE-2018-4839,,"A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.",Siemens,"Digsi 4,En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Iec 104 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant,Other Siprotec 4 Relays,Other Siprotec Compact Relays,Siprotec 4 7sd80,Siprotec 4 7sj61,Siprotec 4 7sj62,Siprotec 4 7sj64,Siprotec 4 7sj66,Siprotec Compact 7sj80,Siprotec Compact 7sk80",5.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2018-03-08T17:00:00.000Z,0
CVE-2018-4838,https://securityvulnerability.io/vulnerability/CVE-2018-4838,,"A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.",Siemens,"En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Profinet Io Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Iec 104 Variant",7.5,HIGH,0.0009399999980814755,false,,false,false,false,,false,false,2018-03-08T17:00:00.000Z,0
CVE-2018-4840,https://securityvulnerability.io/vulnerability/CVE-2018-4840,,"A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.",Siemens,"Digsi 4,En100 Ethernet Module Dnp3 Variant,En100 Ethernet Module Iec 104 Variant,En100 Ethernet Module Iec 61850 Variant,En100 Ethernet Module Modbus Tcp Variant,En100 Ethernet Module Profinet Io Variant",7.5,HIGH,0.0013899999903514981,false,,false,false,false,,false,false,2018-03-08T17:00:00.000Z,0